Use of SMB 2.0 with files greater than 4GB in size will result in file corruption

Content

Summary

When using an affected version of Data ONTAP (listed below), when a client using the SMB 2.0 protocol writes to a file at an offset greater than or equal to 4GB (i.e., anything above 4,294,967,295 bytes), Data ONTAP misinterprets the offset and writes to the file at a different offset instead. As a result, files of a size greater than 4GB will be corrupted when written to or copied using SMB 2.0.

Users Affected by This Issue

Any CIFS client which is using the Microsoft® SMB 2.0 protocol to a IBM storage appliance running an affected version of Data ONTAP (listed below) configured to support SMB 2.0 and that is writing to a file that is 4GB or more in size will be impacted by this issue.

Affected clients include:
Windows® Vista®, Windows Server 2008, and (currently in release candidate) Windows 7.

Affected versions of Data ONTAP include:
Data ONTAP 7.3.1 (and all P-release and D-patch derivatives)
Data ONTAP 7.3.1.1 (and all P-release and D-patch derivatives below 7.3.1.1P2, with the exception of 7.3.1.1D2)
Data ONTAP 7.3.1.1L1 (and all D-patch derivatives below 7.3.1.1L1P1)

Only storage appliances with SMB 2.0 enabled are vulnerable to this issue. SMB 2.0 is a new feature introduced in Data ONTAP release 7.3.1 and is disabled by default. SMB 2.0 is enabled if the option “cifs.smb2.enable” is set to “on” but will only be active if the SMB client also supports SMB 2.0.

Both the client and the storage appliance need to be configured to support SMB 2.0 in order to be exposed to this issue.

• Client:
  Please consult your operating system documentation for instructions on how to check whether SMB 2.0 is enabled on the client.

• Storage Appliance:
  To check the storage appliance, look at the value of the “cifs.smb2.enable” option. If it is set to “on,” then SMB 2.0 is enabled.

To check whether SMB 2.0 is actually being used against the storage appliance, look at the output of the cifs stat command either at the console or via AutoSupport. A non-zero value against any of the 60 counters that start with SMB2 (such as SMB2Close, SMB2Create, SMB2Read, etc.) will indicate SMB 2.0 activity.

Effect of This Issue

If a client using SMB 2.0 attempts to write at an offset greater than 4GB, Data ONTAP will misinterpret this value and write to the wrong offset. This will cause a corruption of the file and may make it unreadable.

Note that files impacted by this bug will need to be restored from an external source (or from a snapshot prior to the enabling of SMB 2.0). Because the corruption is in file data and not metadata, WAFL® file system recovery tools will not help.

What Do I Do if I Am Affected by This Issue?

If a file equal to or greater than 4GB (4,294,967,295 bytes or more) has already been written or moved or copied using an SMB 2.0 client with SMB 2.0 active on one of the affected versions of Data ONTAP, you need to restore a copy of the file from an external source (or from a snapshot created prior to the enabling of SMB 2.0). Because the corruption is in file data and not metadata, WAFL file system recovery tools will not help. Before restoring a copy of the file, please be sure to follow the workaround or solution steps below.

If no such file has yet been written to, you only need to follow the workaround or solution steps below.

Workaround

If SMB 2.0 is not required, please disable it using the following command:
options cifs.smb2.enable off
Alternatively, avoid transferring, manipulating, or copying files with sizes greater than or equal to 4GB (i.e., anything above 4,294,967,295 bytes) from SMB 2.0 clients.

Solution

Upgrade as soon as it can be scheduled to Data ONTAP 7.3.1.1P2 or later, or, where appropriate, to 7.3.1.1L1P1 or later as soon as it is available, where this issue is fixed. This issue will also be fixed in Data ONTAP 7.3.2 when it is available later in the year.